2021
DOI: 10.48550/arxiv.2106.07925
Preprint

Machine Learning with Electronic Health Records is vulnerable to Backdoor Trigger Attacks

Abstract: Electronic Health Records (EHRs) provide a wealth of information for machine learning algorithms to predict the patient outcome from the data including diagnostic information, vital signals, lab tests, drug administration, and demographic information. Machine learning models can be built, for example, to evaluate patients based on their predicted mortality or morbidity and to predict required resources for efficient resource management in hospitals. In this paper, we demonstrate that an attacker can manipulate…

Cited by 2 publications (10 citation statements)
References 11 publications

“…In the “Attack Efficacy” section of this paper, we describe 2 experiments that investigated “random poisoning” and “target poisoning.” To assess the stealthiness of the attack, we experimented with the visual similarity between the trigger data and the clean data (described in the “Stealthiness” section) and the impact of an attack on general classification performance (“Impact on Classification Performance” section). We also compare performance with an existing technique [19] in the “Comparative Performance” section.…”
Section: Results (mentioning)
confidence: 99%
“…In the experiment results, our backdoor attack showed a 98% attack success rate for linear regression (LR) when 0.4% of the training data set was poisoned with trigger data. Considering that the previous approach [19] required 3% data poisoning to achieve the same success rate, our attack shows significant performance improvements. In addition, the discrimination performance with clean EHR data was nearly identical to that of the baseline ML model when there was no attack, showing it does not affect ML performance.…”
Section: Introduction (mentioning)
confidence: 99%
“…Since then, there have been several attacks and defenses in neural networks with attacks focusing on stealth and undetectability and defenses focusing on generalization of detection across datasets and applications [14,26]. The backdoor attack literature primarily focuses on DNNs, specifically because of the black-box nature of DNNs which deters the development of a generic defense, with very few focusing on smaller models [20,45]. The triggers are designed from the perspective of the input, rather than the model, so that they remain hidden (inconspicuous) from the user.…”
Section: Related Work (mentioning)
confidence: 99%